This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Vundo Trojan begins sending out ransomware

Share this article:

The Vundo Trojan has changed its output from scareware to ransomware.

 

Alex Lanstein from the FireEye Malware Intelligence Lab revealed that the authors of Vundo have been pushing a piece of malware that encrypts various personal file types such as pdf, doc and jpg on your system, and ‘coincidentally' push a program called FileFix Pro 2009 which would decrypt them for a fee.

 

Lanstein said: “Although we broke the encryption, it's a sobering realisation of the state of malware that it is now actively extorting users by holding their data ransom. Despite this version of FileFix being trivial to crack, it does not bode well for the future of internet malware.”

 

He explained that Vundo is a generic Trojan that is well known for pushing scareware popups for things such as XPAntiVirus and WinFixer. However in this case it was pushing a popup that ended up being a Trojan, which encrypted all the documents and rendered them unreadable on your system.

 

On the webpage for the ‘fix' at FileFixPro.com, download options are given which Lanstein revealed use server-side polymorphism (or perhaps a ton of binaries) to give a different executable every time it is downloaded. He said: “I assume this is to aggravate anti-virus detection, which appears to be working.”

 

He explained that a member of the FireEye team wrote a script to decrypt files, and in the coming days a tool will be released that can be downloaded that will decrypt all the affected files on your system.

 

 

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

NSA has 850 billion pieces of searchable metadata

NSA has 850 billion pieces of searchable metadata

The National Security Agency (NSA) is reported to have developed its own search engine to sift through the billions of phone calls, emails and other electronic communications it harvests and ...

PCI Security Standards Forum warns on Backoff malware

PCI Security Standards Forum warns on Backoff malware

Malware around since last year, but only now visible to anti-virus security software.

Hundreds of Norwegian energy companies hit by cyber-attacks

Hundreds of Norwegian energy companies hit by cyber-attacks

Approximately 300 oil and energy companies in Norway have been hit by one of the biggest cyber-attacks ever to have happened in the country, a government official is reported to ...